Protect your account with individual 2-step verification

  • Updated
  • Optimizely Web Experimentation
  • Optimizely Personalization
  • Optimizely Performance Edge
  • Optimizely Feature Experimentation
  • Optimizely Full Stack (Legacy)

Individual two-step verification increases the security of an Optimizely Experimentation or Optimizely Personalization account by adding a second level of authentication when signing in. Two-step verification requires you to enter a code that you access from your mobile phone, instead of only relying on your password. This protects your account, even if your password is compromised.

If your organization migrated to Opti ID, you must manage users in Opti ID. See the Opti ID user documentation.

Enable individual two-step verification

  1. Download and install an authenticator app for your phone. You can choose from Google Authenticator (Android, iOS, Blackberry), Duo Mobile (Android, iOS), or Microsoft Authenticator (Windows Phone).

    These apps generate secret codes for your phone every 30 seconds. When you log in to Optimizely, you need the most current code to gain access to your account.

  2. Go to your Profile and click Enable under 2-Step Verification.


  3. Enter your password to confirm, and click Next.


  4. Open the authenticator app from your mobile device and use it to scan the QR code generated by Optimizely Experimentation. This links your account to your phone.


  5. Enter the security code from your authenticator app in the field and click Next.


    If you are encountering an error where your authentication codes are showing as invalid, review the steps in the Troubleshooting section.

Upon successful enrollment, a modal containing your backup codes displays. Save these in a safe place in case you lose your phone or cannot access your authenticator app. Read the Backup codes section for more information.

Sign in 

After you enable individual two-step verification, enter a current security code from your authenticator app in addition to your password any time you sign in to Optimizely Experimentation.

  1. Sign in to Optimizely Experimentation using your username and password. Doing so prompts you to enter your security code. 


  2. Open your authenticator app on your mobile device. It generates a new security code every 30 seconds.
  3. Enter the current security code and click Verify before the code expires.

Backup codes

When you enable individual two-step verification, you are given a list of backup codes similar to these:


Write down the codes generated for you and store them in a safe place. If you lose your phone or cannot access your authenticator app, you can use a backup code for one-time access to your account. After a code is used, it is no longer valid.

You can generate new backup codes by clicking Generate New Backup Codes under Profile > Preferences > 2-step Verification. This renders all older codes invalid.

Synchronize Google Authenticator

If after you scan your QR code and are inputting your authentication code in for the first time, or are returning to log in and noticing that your generated authentication codes are being flagged as invalid, it might be because of the time on your Google Authenticator app is not synchronized correctly.

To make sure that you have the correct time:

  1. Go to the main menu on the Google Authenticator app.
  2. Click Settings.
  3. Click Time correction for codes.
  4. Click Sync now.

On the next screen, the app confirms that the time is synchronized, and you should now be able to use your authentication codes to sign in. The synchronization only affects the internal time of your Google Authenticator app on your Android phone, and does not change your device's Time and Date settings.

Disable individual two-step verification

If you no longer want the extra protection provided by individual two-step verification, you can disable the feature in your Account Settings. Select Disable, click Save, and enter your Optimizely password when prompted.

Locked out

If you are having trouble logging into your account using individual two-step verification, try the following steps in order:

  1. Use one of the backup codes generated during your initial sign-up.
  2. If you are using an authentication app such as Google Authenticator, check the app's time correction settings and re-synchronize the app if necessary.
  3. If you are still signed into Optimizely Experimentation (on another device, for example), turn off individual two-step verification within your Account Settings.
  4. Ask an administrator on your account to open a support ticket on your behalf. Provide the user's email address whose two-step verification is not working. If you are an administrator on the account and cannot log in, have another administrator file a support ticket on your behalf.

If these steps do not work, file an online ticket for support.